[Freeipa-devel] [PATCHES] 0016-17 Fixes for{add, set, del}attr with managed attributes
Petr Viktorin
pviktori at redhat.com
Wed Feb 29 13:21:25 UTC 2012
On 02/27/2012 11:03 PM, Rob Crittenden wrote:
> Petr Viktorin wrote:
>> Patch 16 defers validation & conversion until after {add,del,set}attr is
>> processed, so that we don't search for an integer in a list of strings
>> (this caused ticket #2405), and so that the end result of these
>> operations is validated (#2407).
>>
>>
>> Patch 17 makes these options honor params marked no_create and no_update.
>>
>>
>> https://fedorahosted.org/freeipa/ticket/2405
>> https://fedorahosted.org/freeipa/ticket/2407
>> https://fedorahosted.org/freeipa/ticket/2408
>
> NACK on Patch 17 which breaks patch 16.
How is patch 16 broken? It works for me.
> *attr is specifically made to be powerful. We don't want to arbitrarily
> block updating certain values.
Noted
> Not having patch 17 means that the problem reported in 2408 still
> occurs. It should probably check both the schema and the param to
> determine if something can have multiple values and reject that way.
I see the problem now: the certificate subject base is defined as a
multi-value attribute in the LDAP schema. If it's changed to
single-value the existing validation should catch it.
Also, most of the config attributes should probably be required in the
schema. Am I right?
I'm a newbie here; what do I need to do when changing the schema? Is
there a patch that does something similar I could use as an example?
--
Petr³
More information about the Freeipa-devel
mailing list